Posted by Soulskill on Wednesday July 29, 2009 @10:03AM from the think-of-the-towers dept.

AHuxley writes "Apple suggests that the nation's cellphone networks could be open to 'potentially catastrophic' cyberattacks by iPhone-using hackers at home and abroad if iPhone owners are permitted to legally jailbreak their wireless devices. The Copyright Office is currently considering a request by the Electronic Frontier Foundation to legalize the widespread practice of jailbreaking. Apple has responded to the request by saying that if the 'baseband processor' software — which enables a connection to cell phone towers — is exposed, then a user could crash the tower software, or use the Exclusive Chip Identification number to make calls anonymously. Apple also thinks its closed business model is what made the iPhone a success. The Vodafone scandal from a few years back showed how a network could be compromised, but that was from within. So, what do you think? Is Apple playing the 'evil genius' hacker card or can 'anyone' with a smartphone and a genius friend pop a US cell tower?"

I'd imagine that the software is locked down well enough for the current environment. Playing devil's advocate, you could see how somebody who had found an exploit in the iPhone OS could make anonymous calls. Or potentially launch a DoS on a tower if they had a large army of compromised iPhones. And, while I don't know jack about cell-phone-tower-handshaking-protocol, perhaps you could initiate some kind of DoS by doing the equivalent of a SYN flood with a smaller group of phones.

If the software is vulnerable, it is vulnerable with or without a jailbroken iPhone. Even confiscating every single iPhone in existence will not stop someone from taking advantage of the vulnerabilities, if they are so inclined.

True, this is like MS claiming that allowing unauthorized applications and devices on the internet would break the ISP's or Tier 1 provider's routers, and then locking up all applications with an App Store compulsorily raking in 30% of the cost.

Also, from the response from Apple:

Looking at the four statutory fair use factors, although the use per se of the modified iPhone bootloader and OS on an individual handset is of a personal nature, it is not a transformative use, and because a jailbroken OS is often used to play pirated content, the act of jailbreaking should be considered of a commercial nature since it facilitates obtaining applications without paying fees for them.

snip...

In sum, the value of the OS software to the iPhone, and therefore to Apple, is that it enables the iPhone to function as a platform for the mobile computing experience that differentiates the iPhone from its many competitors. This, in turn, increases the value of Apple's iPhone copyrights and, again, overall consumer utility, making the iPhone a more attractive product to consumers.

Huh? WTF? A jailbroken OS is often used to play pirated content? Apple keeps rejecting (censoring?) useful apps that developers and companies have spent lots of time and money on, for silly reasons such as political content, duplication of functionality, mature content, etc. The real reason is not piracy; it's because Apple wants to keep that 30% cut of all apps sold and control all the content, while at the same time not angering AT&T with their approved apps, to keep the ~$17/month that Apple gets paid for each iPhone customer.

Worse, trusting the client is always an idiotic plan. Even if it isn't iSteve's precious baby, there will always be some phone(s) where the evil unauthorized users have access to the baseband (if nothing else, the people who design phones have to have the baseband interface specs, and I'm sure that sort of thing gets lost/dumpster dived/hacked/inside-jobbed from time to time). Solving cell tower security issues by trying to lock every handset would be like trying to make the internet safe by making Symantec Endpoint Security mandatory for all devices with public IPs.

This is just Apple wrapping themselves in the "Security" blanket to get what they want. Should we expect a series of PSAs about how iPhone jailbreaking aids the terrorists?

One cell phone a mile away from a tower can block the tower from all the other cellphones? I call pure unadulterated BS. This sounds like old wives' tales (esp. coming from an AC), like the tales that the G4 and G5 are better than their Intel equivalents. Will not stop it from getting modded up though, as it already is.

One cell phone a mile away from a tower can block the tower from all the other cellphones? I call pure unadulterated BS. This sounds like old wives' tales (esp. coming from an AC), like the tales that the G4 and G5 are better than their Intel equivalents. Will not stop it from getting modded up though, as it already is.

Yes, actually it can. Before you call BS you might want to familiarize [wikipedia.org] yourself with the technology.

In a CDMA system each client transmits on the same frequency. The base station tells each client how much power to use so that the received power at the base station is the same for each client. If one client is broadcasting with excess power then it lowers the signal to noise ratio at the base station for the other clients. Taken to the extreme it can disrupt communications.

The original iPhone supports GSM, considered a 2G standard. The iPhone 3G supports GSM and a 3G standard called UMTS, which is designed to be used alongside GSM networks. UMTS uses a CDMA air interface.
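As an added illustration of the power-control point made above (this is not code from the thread, and every number in it is constructed), the toy model below computes each handset's uplink SINR first when all handsets obey the base station's power command and then when a single handset transmits well above it. The target received power, noise floor, processing gain of 64 and 5 dB SINR threshold are assumed values chosen to be in a UMTS-like range, not figures from any standard or from the page.

```python
"""
Toy model of CDMA uplink power control on a shared frequency.

Every handset is commanded to transmit so that its signal arrives at the
tower at a common target power. One handset that ignores the command and
transmits in excess raises the interference floor for everyone else and
pushes their signal-to-interference-plus-noise ratio (SINR) down.
All parameters are constructed for illustration.
"""
import math
from dataclasses import dataclass

TARGET_RX_W = 1e-13      # assumed target received power per handset (-100 dBm)
NOISE_W = 1e-14          # assumed thermal noise at the receiver (-110 dBm)
PROCESSING_GAIN = 64     # assumed spreading factor applied on despreading
THRESHOLD_DB = 5.0       # assumed SINR a handset needs to keep its link


@dataclass
class Handset:
    name: str
    path_gain: float      # fraction of transmitted power that reaches the tower
    excess: float = 1.0   # 1.0 = obeys power control; >1.0 = transmits above it


def commanded_tx_power(handset, target_rx_w):
    """Closed-loop power control: the tower asks for just enough transmit
    power to make this handset's received power equal the common target."""
    return target_rx_w / handset.path_gain


def received_powers(handsets, target_rx_w):
    """Actual received power per handset, including any excess over the command."""
    return {
        h.name: commanded_tx_power(h, target_rx_w) * h.path_gain * h.excess
        for h in handsets
    }


def sinr_db(handsets, target_rx_w, noise_w, processing_gain):
    """Per-handset SINR in dB after despreading: wanted signal (boosted by the
    processing gain) over the sum of all other handsets' power plus noise."""
    rx = received_powers(handsets, target_rx_w)
    total = sum(rx.values())
    return {
        name: 10 * math.log10(processing_gain * p / ((total - p) + noise_w))
        for name, p in rx.items()
    }


def users_meeting_threshold(sinr, threshold_db):
    """Names of handsets whose SINR is at or above the required threshold."""
    return sorted(name for name, s in sinr.items() if s >= threshold_db)


def build_cell(n_users, rogue_excess=1.0):
    """Constructed cell of n handsets at different distances (different path
    gains). If rogue_excess > 1, the first handset ignores power control and
    transmits rogue_excess times the commanded power."""
    handsets = []
    for i in range(n_users):
        gain = 10 ** (-(70 + i) / 10)   # -70 dB, -71 dB, ... path loss
        handsets.append(Handset(f"ue{i:02d}", gain))
    if rogue_excess > 1.0:
        handsets[0] = Handset("rogue", handsets[0].path_gain, rogue_excess)
    return handsets


if __name__ == "__main__":
    for label, excess in (("all compliant", 1.0), ("one handset at 20x command", 20.0)):
        cell = build_cell(20, rogue_excess=excess)
        sinr = sinr_db(cell, TARGET_RX_W, NOISE_W, PROCESSING_GAIN)
        ok = users_meeting_threshold(sinr, THRESHOLD_DB)
        print(f"{label}: {len(ok)}/{len(cell)} handsets meet {THRESHOLD_DB} dB")
        for name in ("rogue", "ue00", "ue01"):
            if name in sinr:
                print(f"  {name}: {sinr[name]:.2f} dB")
```

With the constructed numbers, all 20 compliant handsets sit just above the 5 dB threshold; once one handset transmits at 20 times its commanded power it enjoys a ~18 dB link while every other handset drops to ~2.3 dB, which is the near-far effect the comment describes.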

Very true. People don't seem to understand that Smartphones are very different from the average nokia brick. To a smartphone the baseband is little more than a modem.

It exposes a couple of interfaces. One is the voice interface, one is the high-speed data interface (this might be the same as the voice interface), and last but not least we have a serial port interface that is used to control the modem, including an AT-style command set.

You can add such a modem to any laptop too. They sell them, and call them

If you were a giant company making shit-tons of money for lazy coding, would you pay for the security changes, or would you do the much cheaper and simpler option of passing legislation that makes breaking your crappy code illegal?

"When you outlaw hacking cellphones, then only criminals will have working phones!"

That meme doesn't quite work here, but the point is valid. Passing a law to stop people from hacking cellphones is not going to stop criminals from attacking towers anyway. Criminals don't give a fuck about laws.

Why single out Apple products? The whole concept of a "smart phone" is ingsoc lies.

A phone is the piece of tech that you can never really own. Many people accept this and take the "free" phone, and pay the high monthly rental. The built in obsolescence has got to be one of the worst in the industry.

MP3 player, calendar, organiser, GPS, ebook reader, camera, bomb, those can all converge as much as they like. Just not with anything that needs a SIM card.

I mean, theoretically anyway. The Neo Freerunner was a tragically badly run project with old technology, a huge price tag and general stink of FAIL. That said, it was a fully programmable phone that you owned and could be used just fine with a base station. Hell, dev models of the android phones are also like this.

Built in obsolescence is only a problem because the state of the art is advancing so rapidly. Like PCs in the late 90s and e

A phone is the piece of tech that you can never really own. Many people accept this and take the "free" phone, and pay the high monthly rental.

If people want a basic phone, and don't care about the fancy smartphone features, then why shouldn't they be able to pay less for a cheaper model? I do think they should give you a discount if you didn't have them subsidize the phone (use your own device, or pay full retail for the phone), as it does seem unfair that the person who got a $200 dollar subsidy, and is paying it off over two years, pays the same as someone who doesn't owe them that money.

Also, you can easily "own" a phone. Many online retailers, even official manufacturers' websites (Motorola.com for example), as well as physical retail stores, let you buy a phone at full price without having to sign a contract. When you do sign up for a plan, there's no term commitment or ETF, because you've already paid full price for the phone.

In the US, the common plan for a mobile phone comes as a two-year contract. After that, you can cancel your service at any time, and they won't bug you to send the phone back or pay them back for it by paying the ETF.

The built in obsolescence has got to be one of the worst in the industry.

Are you expecting them to let you upgrade the RAM or something? Throw in some PCI slots?

MP3 player, calendar, organiser, GPS, ebook reader, camera, bomb, those can all converge as much as they like. Just not with anything that needs a SIM card.

My current smart phone (an HTC device) can do all that with the SIM card removed, no monthly fees or anything. Well, I haven't tried using it as a bomb, but I'd imagine that wouldn't need a SIM card either.

What Apple is saying is wrong. Everybody with any knowledge of the system knows it's wrong; even if cell towers were susceptible, jailbreaking doesn't touch the baseband software on the phone. Yet they make the claim anyway, knowing it's false, presumably because they're hoping nobody involved in this process at the Copyright Office has the technical knowledge to know it's BS. Let's call this what it is: it's a lie.

Shouldn't there be some sort of consequences for just lying in a process like this? I know in courts there is perjury, for lying under oath, but what legal consequences are there for lying in this kind of situation?

Not only that, but if it really is such a big problem, then fix the cell architecture. The thing I find truly laughable is the justification that a drug dealer could use this to make anonymous calls/data transfer/whatever. The whole point of this discussion is to give *legitimate, honest citizens* the right to modify their phones. Do you think the drug dealer is worried about whether or not it is legal or not? He's already breaking the law in trafficking drugs, what's running the Pwnage tool going to hu

I have an iphone on pay as you go. I have no contract, and the phone is mine.. but I had to use jailbreaking software to unlock it. On *every* other phone I can get an unlock for free or near free just by phoning the phone company (some of them insist you add £30 or so to the pay as yo go account first).

This is why people end up modifying basebands.. it's an apple created problem. It's a bit rich that they then have a go at users for doing it.

Exactly my thoughts. If the iphone is so damn dangerous, then apple should be forced to recall all of them off the market. There can be no double standards here: if the device is bad for the networks then the device should not be approved. If the device is OK (and it certainly is) then stop bitching when people do what they want with the device they OWN.

Don't ALL cell phones, even that aren't iphones, especially those which have the capability to install software on them, have this same problem?

No, you're not able to access or change the baseband software. Also, jailbreaking the iPhone doesn't change the baseband AFAIK. Only the SIM-lock does require changing the baseband, which is a completely separate issue.

So what Apple really wants, is to save us all from cellular catastrophe by locking us to AT&T and O2? The network that can't make MMS work and the network that lost a sizable chunk of its coverage because of a single, trivial fire last week? It's like saying you'll protect me from corruption by securing the jobs of MPs.

The baseband hack is the thing they're actually arguing against, in practice. That's what their argument targets, even if they're nominally going for the necessary-but-not-sufficient step of jailbreaking. You can bet that's what they'll fall back to. In fact, it's a good rhetorical strategy: they'll decide to "meet us in the middle" with the compromise of allowing jailbreaking, but rendering baseband hacking (and thus unlocking) outlawed.

Most cellphones do *not* use a separate baseband processor, because this is expensive. Almost all non-smartphones only have one processor which runs a realtime proprietary OS responsible for both the UI and the modem stack: Nokia S40 is the prime example of this.

Some smartphones have a separate baseband processor, true, but only because the OS the application processor runs is not realtime and thus not capable of supporting a modem stack; and even then many of them just run the application OS as a subtask o

The hackers have already been granted an exception to unlock the phone, and ACTUALLY screw with the baseband; jailbreaking just takes away Apple's control of the OS running on the main processor, and they don't like that. They are full of shit if this is their excuse, because as I said, unlocking is already legal.

Apple is just trying to be a bad monopolist and keep the cash rolling in. Next it would not have a lock on apps, hence anyone can load what they want as a service (background), so Skype or a Google app can cut the phone use costs.

If a jailbroken iPhone can potentially crash a cell tower but a regular run-of-the-mill cell phone cannot, it really makes me wonder what cool toys they've hidden in the jesus phone that makes it so life-threateningly dangerous that it needs to be encased in a kryptonite shield.

If a person is going to commit felony "cyberattacks", why the hell would they worry about the legality of jailbreaking? It's like armed bank robbers worrying that their fully automatic rifle isn't legal.

Instead of locking the whole thing down, just lock down the baseband processor. That way people who want to run their own apps can do so without having to jailbreak anything, and the baseband processor won't have any attention given to it. But of course this would still be a problem with AT&T, who provides the connectivity.

That's what every other mobile operating system does. Apple is essentially suggesting that they are less competent.

Remember how they were playing up the "security flaws" of the other mobile devices, to rationalize not having an SDK, then to rationalize having a closed SDK, and yet, every jailbreak technique roots the device. The iPhone is demonstrably the least secure mobile device out there.

We all know the deal. If I wanted to compromise said cellular network, I could use the current published, freely, and openly available jailbreaking techniques. If they legalize jailbreaking of the phones, it is not going to legalize hacking cellphone towers, so the people that are going to do it are already trying.
This is just another preemptive strike by Apple. They are going to lose credibility, because too much press in a short amount of time for a company can be just as bad as flying under the wire. I think it is time they slip back into the ether and keep quiet for a few weeks.

In order for the towers to be protected, there must be a *law* against jailbreaking (a practice that is currently perfectly feasible, just questionably legal). Will the law, sensing a helpless tower is in danger, jump off the page and stop the evil hacker from using his jailbroken phone to expose flaws in the upstream hardware/software, and save the day?

Even if this is true, legislation is clearly NOT the way to go here. Either they are giving away too many secrets just by having easily exploited hardware/software in consumers hands, or they are running woefully unprotected towers (or both). In any case, a law against it isn't going to do a whole lot except speed the prosecution of said 'evil hacker' who would already be breaking numerous laws anyway.

Apple isn't so much worried about hacking, as it's a possibility with any smartphone. It's worried more about its profit margin with exclusive contracts; this allows them to take a percentage of the contracts while undercutting the price of their devices. If they were to lose this exclusivity, they would either have to raise the price of their devices again or accept that their profit margins have been cut... and that is the real thing they are arguing against.

Because it being illegal will stop those intent on using their phones for nefarious purposes FROM JAILBREAKING THEIR iPHONES? Sorta like how traffic laws will prevent robbers from double parking while pulling a bank heist (double parking the vehicle can speed the getaway!!).

The network argument was core to protecting the old Ma Bell (former/real AT&T) for many years. They used the same argument that unapproved equipment could damage the network. Now the new AT&T (and Apple) is trying the same argument about "danger" to infrastructure. Although there may have been some technical reasons for both arguments, it's really about profit.

I hope the software/hardware on the towers and switching systems is robust enough to handle rogue events. Even if there aren't jail bro

What a bunkerload of crap. It's either the iPhone OS that allows that because of a flaw, or just plain FUD (my friend Occam tells me his razor points to the second option). In both cases, why can't we do it with other phones that aren't iPhones? Huuuumm??

Apple doesn't learn. This very same strategy is what gave Microsoft such a big opening in the 80s. If Apple sticks to the closed system approach they will have higher price points in the short term, but long term will lose out to more open platforms like Android where the incentives for a more diverse network of partners will be greater.
In the early 80s Apple outsold IBM and everybody else in PCs. They took their Apple II win and moved up-market with the Mac. Sure the technology and user experience were radically better than the competition, but they further closed down the platform to partners and end users. Pretty quickly the open platform, multi-vendor combination promoted by IBM, Microsoft, and Intel won the day - even though it didn't work as well.

If a few rogue iPhones are capable of messing up the cellphone network, then isn't that a general problem with the network rather than with whether the user has access to all the settings of the device? I mean, build a few phone-like devices in your garage, set them all to go off at a certain time, then drive around and drop the "bombs" near different towers. Why is the iPhone anything special?

Is the problem with any cellphone that allows you to install your own software, or are jailbroken iPhones the only potential terrorist threat? This could be really dumb for Apple, you know, equating their own product to anthrax and missing nukes. It certainly didn't work for BioTerror Coke.

This is IDIOTIC. How can any reasonable person possibly buy this argument.

Anyone that wants to bring down a cell phone tower or cell network IS NOT GOING TO CARE whether or not it's LEGAL to screw with the cell radio baseband software. They are ALREADY attempting to do something much worse.

Let's be honest here, the "security" aspect of this argument is a smokescreen. It's blatantly all about the profit!

Furthermore, the cellular network should NOT be so fragile that a single rogue cell phone could take it down (AFAIK it is not). BUT if AT&T is truly insistent on making this argument, then I believe a full investigation by the FCC is mandated. The self-admitted fragile state of their network means that their stewardship of a public resource (radio spectrum) is being poorly managed and truly endangering national security.

WinMo phones have been open to app developers for years, I don't see them crashing cell towers.

Similarly, people have been "cooking" custom OS image ROMs for WinMo phones for years, and I haven't heard of them crashing cell towers either.

So either the iPhone has no way of crashing cell towers if arbitrary applications are run on it, or it has a severely deficient hardware/software architecture compared to Windows Mobile in terms of security.

Additional research by Apple Labs has shown that unlocked iPhones cause erectile dysfunction, global warming, birth defects, and leprosy. Protect yourself by purchasing a new, locked iPhone with a five year contract extension. It's the only way to be safe.

This sounds a lot like the 40-year-old Carterfone decision [arstechnica.com], where AT&T argued that allowing people to connect third-party devices to their network could disrupt or degrade service. I'm pretty sure that modems and Panasonic phones didn't ruin the telephone system, and I have a feeling that jailbroken iPhones wouldn't be the end of the world, either.

Caveat: My understanding of "jailbreaking" is that this allows people to run applications not available in the app store. IE, applications that haven't been blessed by Apple. This is different from unlocking the phone, which allows you to change carriers.

Given that, what is the difference between an iPhone running arbitrary apps and any other smartphone doing the same thing? I'm trying to get my mind around this. Is Apple saying that the fact I could install some third party app on my Treo 750 back when I had it, or can on my Blackberry now, does *not* present a threat to cell towers, but installing a non-blessed 3rd party app on the iPhone does? If so, what makes the iPhone different?

Or is it that this is a danger with all smartphones, and Apple is trying to be responsible with the platform under their control? If so, why haven't we seen widespread reports of people crashing cell towers willy-nilly with some poisonous app running on a Curve?

By this notice, is Apple saying that they have done a thorough security analysis of each and every one of the 65,000 apps available on the app store, and is offering assurance that none of these apps have the ability, say some hidden easter egg, of bringing down a cell tower? Is Apple thereby assuming liability for any cell tower damage that might incur from an app available from the app store? Apple's statement "The technological protection measures were designed into the iPhone precisely to prevent these kinds of pernicious activities, and if granted, the jailbreaking exemption would open the door to them" seems to infer an assumption of liability for non-jailbroken phones. I wonder if Apple has thought through the legal ramifications of these statements.

And finally, is Apple saying that "a local or international hacker" intent on "initiat[ing] commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data" would be stopped in his nefarious (and extremely illegal) deeds by the (mild, in comparison) legal prohibition against jailbreaking the phone?

Is that what Apple is saying? I just want to be clear on this.

Or, could the real issue be that Apple has in their contract with AT&T (as RIM does also, unfortunately) that certain capabilities [slashdot.org] will not be available through the app store that could be used to side-step carrier fees? Is it possible that this is the real issue, and the security issue is a rather weak smoke screen? Mind you, if that really is the case, then fine. It's their product, they can assume any position they want. But have the intellectual honesty to cop to it.

If Apple sold the phones unlocked, or at least allowed any consumer to pay a fee to legally unlock their phones at a wireless carrier store, most people would not have any need to jailbreak. I can see the danger of jailbreaking and software unlock code having either bugs or malicious backdoors which could be used to crash networks.

My 3Gs is not jailbroken or unlocked but I had to jailbreak and unlock my 3G before I sold it as it was sold to someone on the Rogers network and that phone was bought at Fido. I would rather not have to risk using untested and forensically unverified just to be able to use foreign sims in my 3GS and I'd be willing to pay a fee to Fido to be able to unlock the device.

Carriers should give consumers a break by giving a legal/official option for unlocking phones, especially if we bought them unsubsidized.

Apple is partially right. Their closed business model has led to the success of the iPhone. (Happy now?)

Seriously. The tight control on the user experience is what maintains the appeal of the device. For most people.

However, where they're wrong is in thinking that they need to prevent jailbreaking in order to maintain this. The people jailbreaking their phones aren't in the majority who bought the phone for the slick and stylish integration. They're a harmless minority, and Apple should be grateful for the extra revenue that a little bit of hacking has brought in.

They're not really playing to the ignorance of their base, as it's not their base that they're trying to convince. They're trying to convince the Copyright Office, which is almost as bad because they cannot be reasonably expected to understand the intricacies of cellular network technology. That burden lies with the network operators and the FCC. As for the question of whether jailbreaking is good policy from a copyright perspective, the Copyright Office shouldn't care much about potential network problems.

Now from a technical perspective: AT&T is a GSM/EDGE/UMTS network. If the iPhone is supposed to work on their network, it conforms to those international, well-vetted standards. (A part of those standards is the use of a SIM card, specifically so a user can separate the handset from the network.) There shouldn't be anything that an iPhone can do on their network that any other cell modem couldn't do. TFA isn't coming up for me, so I'm not sure what Apple's specific claims are, but I have a hard time imagining that AT&T gave them some unique, magic software key to a very well-defined tower structure.

As always, they're playing upon the ignorance of their userbase. I give it, say, 35 minutes before someone here posts why Apple is full of balderdash for saying this. I give it 5 minutes before some iTard rushes to their defense.

Well, this is not exactly a technical explanation, but here we go... I live in Vietnam, where basically you can buy the latest and greatest of any brand (I own an HTC Touch HD), but the majority of cellphones are local brands (for example Bavapen) or clones of popular phones (mostly BlackBerries). I've just read a report on how they are made. Basically parts are imported from China and assembled in mom & pop shops (Bavapen is a major brand, but you have dozens of smaller brands), loaded with whatever baseband processor software is available.

Now the thing is, it's incredibly easy to set up shop and assemble your own phones. This part of the market seems to be completely unregulated. And yet, in this 85+ million market I never heard anything about dangers to cell towers. We have basically 3 major and 5-6 minor carriers, 99,99% of all phones are not locked to any of these, and a good chunk of the phones are loaded with software from who knows what sources. I would assume that the situation is very similar in the rest of SE Asia and China.

Now I know this is not proof in itself, and I don't know for sure about the rest of Asia, but it is safe to assume that we have hundreds of millions of phones on the market with hundreds of different baseband processor software builds coming from shady sources, yet to my knowledge, there hasn't been a single attack on cell towers via software loaded on the phones themselves. And although this region is relatively stable, cyberattacks, just like elsewhere, are pretty common. I believe that if this could be done, it would have been done or tried already.

The iPhone OS is a scaled-down OS X, built on a solid BSD foundation. If you're really going to argue this, then Apple should retain that same tight control over OS X apps, right? Because OS X can't be trusted to keep your Macbook secure?

And that assumes this is correct:

This QA that Apple provides is of great value.

Apple accepts and rejects apps pretty much arbitrarily -- and not just for security reasons. They reject apps that might compete with something they're doing, they reject apps

If Apple didn't have its hoop-jumping content-based approval process, and just approved apps based on technical safety, then there wouldn't be any need for people to hack their devices and consequently install insecure, potentially dangerous software.

As other comments point out, the lock is in place on the lower level, because the baseband operations are separate from what jailbreaking gives you. The problems are inherent to the GSM spec, and are maintained thanks to backwards compatibility requirements. Anyone with a transmitter of the appropriate frequency and a computer can cause the same havoc to a GSM provider. By Apple's argument, open source phones like openmoko should be outlawed. A cellular network could be set up with measures to enforce that only approved phones and applications may run, and that is the approach of CDMA (Verizon Wireless).